Rogue software details: Your Protection

Your Protection is a rogue security application. In order to remove it, find out what files and registry entries to look for below.

Known system changes:

Files
c:\Desktop\Your Protection.lnk
c:\Desktop\Your Protection Support.lnk
c:\Desktop\nudetube.com.lnk
c:\Desktop\pornotube.com.lnk
c:\Desktop\youporn.com.lnk
c:\Temp\mplay32xe.exe
c:\ProgramFiles\Your Protection\urpprot.exe
c:\ProgramFiles\Your Protection\urpext.dll
c:\ProgramFiles\Your Protection\urpext.dll
c:\ProgramFiles\Your Protection\urphook.dll
c:\ProgramFiles\Your Protection\urp.db

Folders
c:\ProgramFiles\Your Protection
c:\StartMenu\Programs\Your Protection

Registry entries
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}
Key: HKEY_CLASSES_ROOT\CLSID\
{5E2121EE-0300-11D4-8D3B-444553540000}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\Your Protection
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Your Protection
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run
Value: mplay32xe.exe
Data: C:\Temp\mplay32xe.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run
Value: Your Protection
Data: “C:\Program Files\Your Protection\urpprot.exe” -noscan
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\policies\system
Value: DisableTaskMgr
Data: 01, 00, 00, 00
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Shell Extensions\Approved
Value: {5E2121EE-0300-11D4-8D3B-444553540000}
Data: Your Protection extension

Source: Lavasoft Malware Lab’s Rogue Gallery.